alexei.dolgolyov/tiny-forge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(docker-watcher): phase 8 security fixes

Browse Source 
Remove webhook secret from logs and API response.
Add auth-pending note to router. Fix decrypt fallback that
would use ciphertext as auth token on decrypt failure.
This commit is contained in:
Admin
2026-03-27 22:10:00 +03:00
parent 97d4243cfe
commit 757c72eea1
22 changed files with 1312 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
web/src/lib/components/InstanceCard.svelte
+164
View File
@@ -0,0 +1,164 @@
<script lang="ts">
import type { Instance } from '$lib/types';
import StatusBadge from './StatusBadge.svelte';
import ConfirmDialog from './ConfirmDialog.svelte';
import * as api from '$lib/api';
interface Props {
instance: Instance;
projectId: string;
onchange?: () => void;
}
const { instance, projectId, onchange }: Props = $props();
let loading = $state(false);
let error = $state('');
let confirmAction = $state<'stop' | 'restart' | 'remove' | null>(null);
const subdomainUrl = $derived(
instance.subdomain ? `https://${instance.subdomain}` : ''
);
const timeSinceCreated = $derived(() => {
const created = new Date(instance.created_at);
const now = new Date();
const diffMs = now.getTime() - created.getTime();
const diffMins = Math.floor(diffMs / 60_000);
if (diffMins < 60) return `${diffMins}m ago`;
const diffHours = Math.floor(diffMins / 60);
if (diffHours < 24) return `${diffHours}h ago`;
const diffDays = Math.floor(diffHours / 24);
return `${diffDays}d ago`;
});
async function handleAction(action: 'stop' | 'start' | 'restart' | 'remove') {
loading = true;
error = '';
confirmAction = null;
try {
switch (action) {
case 'stop':
await api.stopInstance(projectId, instance.stage_id, instance.id);
break;
case 'start':
await api.startInstance(projectId, instance.stage_id, instance.id);
break;
case 'restart':
await api.restartInstance(projectId, instance.stage_id, instance.id);
break;
case 'remove':
await api.removeInstance(projectId, instance.stage_id, instance.id);
break;
}
onchange?.();
} catch (e) {
error = e instanceof Error ? e.message : 'Action failed';
} finally {
loading = false;
}
}
function requestConfirm(action: 'stop' | 'restart' | 'remove') {
confirmAction = action;
}
const confirmMessages: Record<string, string> = {
stop: 'This will stop the running container. The instance can be started again later.',
restart: 'This will restart the container, causing brief downtime.',
remove: 'This will permanently remove the container and its proxy configuration. This cannot be undone.'
};
</script>
<div class="rounded-lg border border-gray-200 bg-white p-4 shadow-sm">
<div class="flex items-start justify-between">
<div class="min-w-0 flex-1">
<div class="flex items-center gap-2">
<span class="truncate font-mono text-sm font-medium text-gray-900">
{instance.image_tag}
</span>
<StatusBadge status={instance.status} size="sm" />
</div>
{#if subdomainUrl}
<a
href={subdomainUrl}
target="_blank"
rel="noopener noreferrer"
class="mt-1 block truncate text-xs text-indigo-600 hover:text-indigo-800"
>
{instance.subdomain}
</a>
{/if}
<div class="mt-1 flex items-center gap-3 text-xs text-gray-500">
<span>Port {instance.port}</span>
<span>{timeSinceCreated()}</span>
</div>
</div>
<div class="ml-3 flex items-center gap-1">
{#if instance.status === 'running'}
<button
type="button"
class="rounded p-1.5 text-gray-400 hover:bg-gray-100 hover:text-yellow-600 disabled:opacity-50"
title="Stop"
disabled={loading}
onclick={() => requestConfirm('stop')}
>
<svg class="h-4 w-4" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
<rect x="6" y="6" width="12" height="12" rx="1" />
</svg>
</button>
<button
type="button"
class="rounded p-1.5 text-gray-400 hover:bg-gray-100 hover:text-blue-600 disabled:opacity-50"
title="Restart"
disabled={loading}
onclick={() => requestConfirm('restart')}
>
<svg class="h-4 w-4" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" d="M16.023 9.348h4.992v-.001M2.985 19.644v-4.992m0 0h4.992m-4.993 0 3.181 3.183a8.25 8.25 0 0 0 13.803-3.7M4.031 9.865a8.25 8.25 0 0 1 13.803-3.7l3.181 3.182" />
</svg>
</button>
{:else if instance.status === 'stopped'}
<button
type="button"
class="rounded p-1.5 text-gray-400 hover:bg-gray-100 hover:text-green-600 disabled:opacity-50"
title="Start"
disabled={loading}
onclick={() => handleAction('start')}
>
<svg class="h-4 w-4" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" d="M5.25 5.653c0-.856.917-1.398 1.667-.986l11.54 6.347a1.125 1.125 0 0 1 0 1.972l-11.54 6.347a1.125 1.125 0 0 1-1.667-.986V5.653Z" />
</svg>
</button>
{/if}
<button
type="button"
class="rounded p-1.5 text-gray-400 hover:bg-gray-100 hover:text-red-600 disabled:opacity-50"
title="Remove"
disabled={loading}
onclick={() => requestConfirm('remove')}
>
<svg class="h-4 w-4" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" d="m14.74 9-.346 9m-4.788 0L9.26 9m9.968-3.21c.342.052.682.107 1.022.166m-1.022-.165L18.16 19.673a2.25 2.25 0 0 1-2.244 2.077H8.084a2.25 2.25 0 0 1-2.244-2.077L4.772 5.79m14.456 0a48.108 48.108 0 0 0-3.478-.397m-12 .562c.34-.059.68-.114 1.022-.165m0 0a48.11 48.11 0 0 1 3.478-.397m7.5 0v-.916c0-1.18-.91-2.164-2.09-2.201a51.964 51.964 0 0 0-3.32 0c-1.18.037-2.09 1.022-2.09 2.201v.916m7.5 0a48.667 48.667 0 0 0-7.5 0" />
</svg>
</button>
</div>
</div>
{#if error}
<p class="mt-2 text-xs text-red-600">{error}</p>
{/if}
</div>
<ConfirmDialog
open={confirmAction !== null}
title="{confirmAction ? confirmAction.charAt(0).toUpperCase() + confirmAction.slice(1) : ''} Instance"
message={confirmAction ? confirmMessages[confirmAction] ?? '' : ''}
confirmLabel={confirmAction ? confirmAction.charAt(0).toUpperCase() + confirmAction.slice(1) : ''}
confirmVariant={confirmAction === 'remove' ? 'danger' : 'primary'}
onconfirm={() => { if (confirmAction) handleAction(confirmAction); }}
oncancel={() => { confirmAction = null; }}
/>